My iOS app is using Auth0 for authentication. I’m using Auth0 version 1.34. When a user logs in we call 2 functions. The first function is the one that authenticates users via Auth0. The code looks like this:
```swift
Auth0
    .webAuth(clientId: currentEnvironment.auth0ClientId,
             domain: currentEnvironment.auth0Domain)
    .scope(currentEnvironment.auth0Scope)
    .audience(currentEnvironment.auth0Audience)
    .parameters(["display": "popup", "prompt": "login"])
    .start { response in
        switch response {
        case let .failure(error):
            completion(nil, error)
        case let .success(credentials):
            completion(credentials, nil)
        }
    }
```
Immediately after this completes successfully we make another API call to our backend to create the user account, and sometimes this 2nd call fails. In this case we show the user an error dialog with a button named “Retry” which restarts the whole process. This starts by re-calling the function above, but when that happens, Auth0 seems to work, it opens the web browser, it shows me the providers that we support, lets me choose one and choose my account, but then it returns with a “Cancelled” error. Your iOS SDK has a comment that reads:
"Any on going WebAuth Auth session will be automatically cancelled when starting a new one, and it’s corresponding callback with be called with a failure result of Authentication.Error.Cancelled"
So it looks like I’m not properly logging out or closing this “session”. I don’t completely understand what a Session even is and your documentation doesn’t seem to explain it. So what am I missing? How can I properly “reset” my Auth0 class so that my users can retry the login process? The iOS SDK says I need to use
This does not silently reset my Auth class and instead it opens yet another browser window and looks like it’s trying to log me in again. What am I doing wrong?
I recommend reviewing our Sessions and Logout documentation for a detailed explanation of the different session layers when logging users out.
Next, I checked the Auth0 Swift SDK and confirmed the correct method to log your users out is with the clearSession() method. With that, I suggest checking your Auth0 Logs to verify that the user is logged out and that you can view those events in your logs. You should filter for the slo log event type code.
Ultimately, you must ensure that the user’s session is cleared before retrying the whole process again.
I have looked at your documentation and found it lacking. I need examples for Swift as I’m working on an iOS app. Your Logout documentation says there are 3 types of session layers I need to worry about: Application Session layer, Auth0 session layer and Identity Provider Session layer. None of the links on that page take me to any sort of sample code or iOS/Swift examples of how to achieve this.
Where can I find Swift examples for logging out of each of these layer types?
Let’s focus on the first layer, logging out of the Application Session layer. Your one page on this topic focuses on Single Sign-on, which is not relevant. Your one page does not contain any examples of how to achieve this, in any language. None of the additional links point to any relevant documentation. Your sample iOS app shows one example of logout and does not mention which of the 3 layers or combination of them it is attempting, but it’s not what I am looking for since it’s opening a strange browser window, and I’m not sure what it’s trying to do.
I do not claim to be an authentication expert. I’m trying to learn Auth0’s terminology and your documentation is not helping. I’m not sure why all of your logout documentation focuses on logout URLs when mentioning logging out. When I use the Reddit mobile app, BlueSky, Pokemon Go, none of those apps require me to open a browser window to log out of those apps. So what’s the purpose of these URLs? Why is Auth0 requiring me to open a browser window to log out of my app?
I would think this is a fairly simple scenario. It’s not uncommon that a user would log out of an account and attempt to log into another in a mobile app. And it is common for apps to open a browser to log in when using OAuth. My problem is I haven’t seen any documentation that explains why Auth0 is returning to me this CANCELLED error when I attempt a second login. My only guess is that I’m not properly logging the user out…or not properly resetting the Auth0 configuration, but you might call this something else.
In our Swift SDK sample app, here is the code referencing how to log a user out.
You could optionally download the sample app and test the behavior on your machine to verify the logout functionality.
Calling the clearSession() method removes the user’s session from Auth0 (Auth0 session layer). You will also need to log them out of the application session layer, by calling credentialsManager.clear(). I suggest referring to the CredentialsManager class for more information.
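Added example, not part of the thread or of Auth0's sample app: a sketch for Auth0.swift 1.x of the sequence the reply above describes, clearing the application session layer with `credentialsManager.clear()` and the Auth0 session layer with `clearSession()`, and starting a new login only after `clearSession()` has called back. `LoginRetrier`, `logout` and `retryLogin` are hypothetical names, `clientId` and `domain` are supplied by the caller, and the thread does not confirm that this sequence resolves the "Cancelled" result.

```swift
import Foundation
import Auth0  // Auth0.swift 1.x, the SDK line named in the question

// Hypothetical helper type; clientId and domain are supplied by the caller.
final class LoginRetrier {
    private let clientId: String
    private let domain: String
    private let credentialsManager: CredentialsManager

    init(clientId: String, domain: String) {
        self.clientId = clientId
        self.domain = domain
        self.credentialsManager = CredentialsManager(
            authentication: Auth0.authentication(clientId: clientId, domain: domain))
    }

    /// Clears the application session layer and the Auth0 session layer.
    /// Each result is reported separately so a failed step is not hidden.
    func logout(completion: @escaping (_ auth0Cleared: Bool, _ localCleared: Bool) -> Void) {
        // Application layer first: stored tokens are removed even if the
        // browser step below is dismissed. clear() returns false when
        // nothing was removed.
        let localCleared = credentialsManager.clear()
        Auth0
            .webAuth(clientId: clientId, domain: domain)
            .clearSession(federated: false) { auth0Cleared in
                DispatchQueue.main.async { completion(auth0Cleared, localCleared) }
            }
    }

    /// Retry path: the new WebAuth flow starts only after clearSession has
    /// called back, so it does not overlap the logout WebAuth session.
    func retryLogin(completion: @escaping (Credentials?, Error?) -> Void) {
        logout { [clientId, domain] _, _ in
            Auth0
                .webAuth(clientId: clientId, domain: domain)
                .parameters(["prompt": "login"])
                .start { response in
                    switch response {
                    case let .failure(error):
                        completion(nil, error)
                    case let .success(credentials):
                        completion(credentials, nil)
                    }
                }
        }
    }
}
```

`federated: false` leaves the Identity Provider session layer untouched; only the Auth0 and application layers are cleared here.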